PT-2022-26699 · Unknown · Train Scheduler App

Published: 2022-10-27 · Updated: 2024-02-14 · CVE-2022-42992

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Train Scheduler App version 1.0

Description

The issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Train Code, Train Name, and Destination text fields. This enables the execution of malicious scripts, potentially leading to unauthorized actions on the affected system.

Recommendations

For Train Scheduler App version 1.0, consider disabling the text fields for Train Code, Train Name, and Destination to prevent the injection of malicious payloads until a fix is available. Restrict access to these fields to minimize the risk of exploitation.

XSS

Weakness Enumeration

Related Identifiers

CVE-2022-42992

Affected Products

Train Scheduler App